From 407358623e2655c603dedfb1185c48f2fa088506 Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 3 Jan 2018 21:41:09 +0100 Subject: [PATCH] Fix, header restore, TLS13 ciphers This fixes a bug which prevented the script from running properly. Also the commit restores writing a correct comment header. In addition it adds TLS 1.3 ciphers. --- utils/update_client_sim_data.pl | 34 ++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/utils/update_client_sim_data.pl b/utils/update_client_sim_data.pl index 884cfc8..a927ae1 100755 --- a/utils/update_client_sim_data.pl +++ b/utils/update_client_sim_data.pl @@ -4,7 +4,8 @@ use strict; use Data::Dumper; use JSON; -my $namelength = 30; +# we get all data from here +my $json = `curl 'https://api.dev.ssllabs.com/api/v3/getClients'`; my @spec; my %ciphers; @@ -20,8 +21,8 @@ foreach my $line ( split /\n/, `../bin/openssl.Linux.x86_64 ciphers -V 'ALL:COMP $ciphers{hex "0x$hex"} = $fields[3]; } +my $namelength = 30; # Get the data -my $json = `curl 'https://api.dev.ssllabs.com/api/v3/getClients'`; my $ssllabs = decode_json($json); my %sims; @@ -73,6 +74,16 @@ foreach my $client ( @$ssllabs ) { push @ciphers, "ECDHE-ECDSA-CHACHA20-POLY1305"; } elsif ( $suite == "52394" ) { push @ciphers, "DHE-RSA-CHACHA20-POLY1305"; } + elsif ( $suite == "4865" ) { + push @ciphers, "TLS13-AES-128-GCM-SHA256"; } + elsif ( $suite == "4866" ) { + push @ciphers, "TLS13-AES-256-GCM-SHA384"; } + elsif ( $suite == "4867" ) { + push @ciphers, "TLS13-CHACHA20-POLY1305-SHA256"; } + elsif ( $suite == "4868" ) { + push @ciphers, "TLS13-AES-128-CCM-SHA256"; } + elsif ( $suite == "4869" ) { + push @ciphers, "TLS13-AES-128-CCM-8-SHA256"; } elsif ( $suite == "14906" ) { if ( $has_matched ) { print " \"$shortname\": "; @@ -204,6 +215,7 @@ my $sim = {}; #$sim->{minEcdsaBits} = "minEcdsaBits+=(-1)"; #$sim->{requiresSha2} = "requiresSha2+=(false)"; +# example of self generated / provided handshake: $sim->{name} = "names+=(\"Thunderbird 45.1.1 OSX 10.11 \")"; $sim->{shortname} = "short+=(\"thunderbird_45.1.1_osx_101115\")"; $sim->{ciphers} = "ciphers+=(\"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA\")"; @@ -328,17 +340,21 @@ foreach my $shortname ( reverse sort keys %sims ) { } } -open OUT, ">client-simulation_generated.txt" or die "Unable to open client-simulation_generated.txt"; -# This file contains client handshake data used in the run_client_simulation function -# Don't update this file by hand, but run util/update_client_sim_data.pl instead. -# The one currently distributed with testssl.sh (etc/client-simulation.txt) has been generated +my $header = <<"EOF"; +# This file contains client handshake data used in the run_client_simulation() function. +# The file distributed with testssl.sh (etc/client-simulation.txt) has been generated # from this script and manually edited (=which UA to show up) and sorted. - +# # Most clients are taken from Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients -"; + +EOF + +open OUT, ">client-simulation_generated.txt" or die "Unable to open client-simulation_generated.txt"; +print OUT "$header"; + foreach my $shortname ( sort keys %sims ) { - foreach my $k ( qw(name shortname ciphers sni warning handshakebytes protos lowestProtocol highestProtocol service + foreach my $k ( qw(name shortname ciphers sni warning handshakebytes protos lowestProtocol highestProtocol service minDhBits maxDhBits minRsaBits maxRsaBits minEcdsaBits requiresSha2 current) ) { print OUT " $sims{$shortname}->{$k}\n"; }